Israeli malware can hack isolated computers by forcing their LED indicators to blink
Israeli researchers have found a way to attack isolated computers by taking control of their LED indicators, which are forced to blink up to 6,000 times a second to send a signal containing data to a camera mounted on a drone near the targeted computer.
The technique specifically targets so-called “air-gapped” computers, which are cut off from the Internet and company networks, making them the most challenging targets for hackers. Consequently, they typically carry the most sensitive information.
The LED control method, which makes it possible to steal data from isolated computers while raising minimum suspicion, was devised by researchers of the Negev (BGU) Cyber Security Research Center at Ben-Gurion University.
“The LED is always blinking as it’s doing searching and indexing, so no one suspects, even in the night. It’s very covert, actually,” researcher Mordechai Guri said, as cited by the Wired.
In a demonstration video, a drone is shown navigating into the line of sight of a computer. Once the drone locates the target, malware starts transmitting data via a hard drive LED indicator, which blinks the signal to the built-in camera on the drone.
According to the researchers, the data can be transferred at rate as fast as 4,000 bits per second with a specialized Siemens photodiode sensor on the drone. The blinking can be recorded by a camera and deciphered later.
The LED can be forced to blink at a rate of up to 6,000 times per second, which is indiscernible for humans, but potentially readable for light sensors.
“It’s possible for the attacker to do such fast blinking that a human never sees it,” Guri noted.
Of course, the technique relies on the computer being infected prior to the transmission, which can be accomplished using a USB stick or SD card.
While this type of attack is novel and hard to detect, it has one obvious drawback: the computer’s LEDs can simply be covered.